Ardhendu Samajdwer Blog

We were working on an application which has been built using JavaScript framework. It is a very common scenario now a days to have a JavaScript based UI application which interacts with REST  services, and our application was not much different from them.  Like most of the cases, we also had a requirement of security implementation for the application. We decided to use Oracle Access Manager (OAM) in a Detached Credential Collector (DCC) setup. To learn more about DCC setup, you can always refer to Oracle Docs . Below image shows you a very high-level overview about the setup, but excluding the REST resource part. Flow can be described as below: 1. Browser makes a request to the app and it hits the WebGate. 2. WebGate checks if the user is authenticated. If not, then a request goes to OAM and user gets a login screen of OAM to authenticate. 3. Post authentication, request goes back to OHS along with a response header parameter . (There is a bit of configuration assoc...